Citigroup Admit to iPhone App Vulnerability

In news from the Wall Street Journal this week, Citigroup have admitted to a major vulnerability and potential security breach with their iPhone banking application. While Citibank spokeswoman Natalie Riper says that “there has been no data breach”, this is one of those situations that doesn’t exactly inspire consumer confidence.

In a recent review of its iPhone apps the huge banking group found that personal and sensitive information was being accidentally stored on its customers’ iPhones, as well as on any other computer that was used to access Apple Inc.’s iTunes program.  Now that Citigroup are aware of this problem they have released an update for the program at fault, in order to stop it from storing the basic account and transaction data of its customers.

While Citigroup have not released – and for very good reason – any information regarding the exact nature of this problem, the files seem to have been saved inadvertently as a result of the synchronisation between iPhones and any computer using iTunes software. Now that an update has been released, Citigroup do not envision any more problems with their iPhone application.

According to respected Mac/iPhone security expert Charlie Miller, “the flaw would be difficult to exploit for a remote hacker, but trivial on a lost or stolen phone”. While this is hardly a mission-critical scenario, it does go to show just how dependent we have all become on technology for our everyday needs, and just how easy it is even for respected corporations to take their eyes off the ball, if only for a minute.

The application in question, the Citi Mobile App, is currently the 11th most-popular program in the iPhone App finance category, which goes to show the potential implications of this kind of oversight. With more and more high-risk finance-related apps being released all the time, it is vital that vulnerabilities like these are found before release, and not after.
